[英]gitlab CE docker push to registry hosted in s3 fails with “denied: access forbidden”
In gitlab CE docker push to registry hosted in s3 fails with "denied: access forbidden" 在gitlab CE中,docker推送到s3中托管的注册表失败,并显示“拒绝:禁止访问”
Here is a sample of my gitlab-ci.yml file: 这是我的gitlab-ci.yml文件的示例:
before_script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN gitlab.domain.net (successful)
Build:
stage: build
script:
- docker build --pull -t $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME . (successful)
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME (FAILS)
Result: Fails during the push. 结果:推送期间失败。
The push refers to repository [gitlab.domain.net:6565/sfloyd/myapp]
7f44c19d438d: Preparing
26472437084c: Preparing
2de391e51d73: Preparing
d73dd9e65295: Preparing
686245e78935: Preparing
d7ff1dc646ba: Preparing
644879075e24: Preparing
d7ff1dc646ba: Waiting
644879075e24: Waiting
denied: access forbidden
ERROR: Job failed: exit code 1
I have tried not using S3 and having the registry store the images on the gitlab server itself and that fails with the same result. 我尝试过不使用S3并让注册表将图像存储在gitlab服务器本身上,但是失败并得到相同的结果。 I even set the S3 bucket open to the world for read and write as a test and that also failed.
我什至将S3存储桶设置为向世界开放以进行读写测试,但这也失败了。 The CI_JOB_TOKEN was given "read_registry" access just like the Gitlab documentation states...although I feel like it should have write as well but its not an option.
就像Gitlab文档指出的那样,已将CI_JOB_TOKEN授予了“ read_registry”访问权限...虽然我觉得它也应该具有写入功能,但不是可选项。 I have swapped out the username to log in with, with the username of the token and it fails with the same result.
我已经用令牌的用户名换出了用于登录的用户名,但失败了,结果相同。 I created an access token for my admin user giving it API access and that fails.
我为管理员用户创建了访问令牌,并为其提供了API访问权限,但失败了。 Interestingly if i use my admin user and the access token with API access it works LOCALLY but not when I put those same values in the gitlab-ci.yml file.
有趣的是,如果我使用我的管理员用户和具有API访问权限的访问令牌,则它只能在本地运行,但是当我将这些相同的值放在gitlab-ci.yml文件中时却无法正常工作。
$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
gitlab.domain.net:6565/sfloyd/myapp master b03b47a5987d 14 seconds ago 211MB
ubuntu 16.04 5e8b97a2a082 2 days ago 114MB
$ docker push gitlab.domain.net:6565/sfloyd/myapp:master
The push refers to repository [gitlab.domain.net:6565/sfloyd/myapp]
6852ea579a31: Pushed
5f7a44809386: Pushed
2de391e51d73: Layer already exists
d73dd9e65295: Layer already exists
686245e78935: Layer already exists
d7ff1dc646ba: Layer already exists
644879075e24: Layer already exists
master: digest: sha256:0f9f6c3d6ebc7f23f52a5b7be06457359de1c24959336de5b5e9e0a208a5b8c8 size: 1781
Ive pretty much exhausted everything I can think of. 我几乎耗尽了我能想到的一切。 Anyone have a suggestion?
有人有建议吗?
GitLab 10.8.1 Gitlab Runner 10.8.0 Also not sure if this matters but this is a private project. GitLab 10.8.1 Gitlab Runner 10.8.0也不确定这是否重要,但这是一个私人项目。
Got it working in case someone else runs into this... 万一有人碰到这个就可以了...
For some reason this worked as my login: docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY 由于某种原因,这作为我的登录名起作用:docker login -u $ CI_REGISTRY_USER -p $ CI_JOB_TOKEN $ CI_REGISTRY
But did not work when I hardcoded those values in. 但是当我对这些值进行硬编码时没有用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.